Metasploit Anti-Forensic Investigation Arsenal (MAFIA)

These are high-level antiforensic tools, not to be used by little girls; you will need a good understanding of computers to know what you are doing:

1- Timestomp – First ever tool that allows you to modify all four NTFS timestamp values: modified, accessed, created, and entry modified.

2- Slacker – First ever tool that allows you to hide files within the slack space of the NTFS file system.

3- Sam Juicer – A Meterpreter module that dumps the hashes from the SAM, but does it without ever hitting disk.
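For the examiner's view of item 1, here is an added example (not part of the original post or of the Metasploit project) that reads the four timestamps from a $STANDARD_INFORMATION attribute and flags values normal use would not produce. The field order is NTFS's own; the function names, checks and sample records are assumptions constructed here, and the findings are indicators, not proof.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)        # FILETIME epoch
NTFS_FIRST = datetime(1993, 1, 1, tzinfo=timezone.utc)   # NTFS first shipped in 1993 (Windows NT 3.1)
FIELDS = ("created", "modified", "entry_modified", "accessed")  # on-disk order
TICKS_PER_SEC = 10_000_000                                # FILETIME counts 100 ns ticks

def to_filetime(dt):
    return (dt - EPOCH) // timedelta(microseconds=1) * 10

def parse_si(body):
    """First 32 bytes of $STANDARD_INFORMATION: four little-endian FILETIMEs."""
    return dict(zip(FIELDS, struct.unpack_from("<4Q", body, 0)))

def review(si, fn_created=None, now=None):
    """Return (field, reason) findings for one MFT record."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for name in FIELDS:
        ft = si[name]
        try:
            when = EPOCH + timedelta(microseconds=ft // 10)
        except OverflowError:                 # value beyond year 9999
            findings.append((name, "out of range"))
            continue
        if when < NTFS_FIRST:
            findings.append((name, "predates NTFS"))
        elif when > now:
            findings.append((name, "in the future"))
        if ft % TICKS_PER_SEC == 0:           # weak: FAT copies also look like this
            findings.append((name, "no sub-second ticks"))
    # $FILE_NAME keeps its own timestamps, which user-mode time-setting calls do not touch
    if fn_created is not None and si["created"] < fn_created:
        findings.append(("created", "earlier than $FILE_NAME created"))
    return findings

# Constructed sample records (not taken from a real volume)
STOMPED = struct.pack("<4Q", *[to_filetime(datetime(1889, 4, 20, tzinfo=timezone.utc))] * 4)
NORMAL_FT = to_filetime(datetime(2006, 6, 1, 12, 30, 5, 123456, tzinfo=timezone.utc))
NORMAL = struct.pack("<4Q", NORMAL_FT, NORMAL_FT + 7, NORMAL_FT + 7, NORMAL_FT + 42)
FN_CREATED = NORMAL_FT                        # $FILE_NAME created time for both samples

if __name__ == "__main__":
    for label, body in (("stomped", STOMPED), ("normal", NORMAL)):
        print(label, review(parse_si(body), fn_created=FN_CREATED))
```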

These are not new tools; they have been around for a couple of years already and they are still as useful as when they came out. You can download them at the Metasploit website, a highly recommended place for all those interested in antiforensics.

The next time your laptop gets seized at the border because the Customs Officer did not get his usual bribe, or got pissed off that your wife's hooters are bigger than his dwarfed and rusty piece of flesh he calls wife at home, make sure the corrupt officers get to confiscate a fully encrypted laptop and a thumbdrive UNENCRYPTED with all file timestamps changed to 20th April, 1889, a date they will be familiar with, as that is when Hitler was born.

http://www.metasploit.net/research/projects/antiforensics/

Video: LayerOne 2006 – Paul Henry – Anti-Forensics

Paul Henry is a VP at Secure Computing. In this video he discusses computer forensics and the methods people use to circumvent forensic techniques. Note that this video is nearly 1 hour long!